PT-2024-34090 · Linux+7 · Linux Kernel+7
Wang Liang · Published 2024-10-23 · Updated 2026-05-26 · CVE-2024-50258
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
A crash can occur in the Linux kernel when a small gso_max_size or gso_ipv4_max_size is configured, leading to an underflow in sk_dst_gso_max_size(). This underflow may trigger a BUG_ON crash because sk->sk_gso_max_size would be much bigger than device limits. The issue is related to the tcp_write_xmit function, where tso_segs is calculated using DIV_ROUND_UP(skb->len, mss_now), which can result in a value of 0, triggering the BUG_ON crash. A check for the minimum value of gso_max_size and gso_ipv4_max_size has been added to fix the issue.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider configuring a larger gso_max_size and gso_ipv4_max_size to avoid the underflow issue. Restrict access to the tcp_write_xmit function and related tcp_set_skb_tso_segs and tcp_skb_pcount_set functions to minimize the risk of exploitation. Avoid using small values for gso_max_size and gso_ipv4_max_size until the issue is resolved.
Exploit
Fix
DoS
Integer Underflow
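The unsigned wrap-around behind the description above, and the effect of a minimum-value check, shown as a user-space model. This is an added example, not kernel code or code from this advisory: the model_* names are hypothetical, and the header-room constant is an assumed value, since the kernel derives MAX_TCP_HEADER from its build configuration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value for illustration only: in the kernel MAX_TCP_HEADER is
 * derived from the build configuration and is not stated on this page. */
#define MODEL_MAX_TCP_HEADER 320u
#define MODEL_MIN_GSO_SIZE   (MODEL_MAX_TCP_HEADER + 1u)

/* Pre-fix behaviour: header room is subtracted from the device limit with
 * no lower bound, so a small limit wraps around in 32-bit unsigned math. */
static uint32_t model_sk_gso_max_size(uint32_t dev_gso_max_size)
{
    return dev_gso_max_size - (MODEL_MAX_TCP_HEADER + 1u);
}

/* Post-fix behaviour: the configuration path rejects values below the
 * minimum, so the subtraction above can no longer wrap. Returns 0 if
 * the value is accepted, -1 if it is rejected. */
static int model_set_gso_max_size(uint32_t requested, uint32_t *dev_limit)
{
    if (requested < MODEL_MIN_GSO_SIZE)
        return -1;
    *dev_limit = requested;
    return 0;
}

/* True when the socket-level limit exceeds the device limit it came from,
 * the inconsistent state the description associates with the BUG_ON. */
static int model_limit_is_inconsistent(uint32_t dev_gso_max_size)
{
    return model_sk_gso_max_size(dev_gso_max_size) > dev_gso_max_size;
}

int main(void)
{
    uint32_t samples[] = { 65536u, 1024u, 321u, 320u, 100u, 1u }; /* constructed */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t dev = 0;
        int rc = model_set_gso_max_size(samples[i], &dev);
        printf("gso_max_size=%-6u sk_gso_max_size(pre-fix)=%-10u %s, %s\n",
               (unsigned)samples[i], (unsigned)model_sk_gso_max_size(samples[i]),
               model_limit_is_inconsistent(samples[i]) ? "WRAPPED" : "ok",
               rc ? "rejected by minimum check" : "accepted");
    }
    return 0;
}
```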
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu